CVE-2024-34577

2024-08-3007:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

wrc-x3000gs2

easysetup.cgi

input processing

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user’s web browser.

Affected configurations

Nvd

Node

elecomwrc-x3000gs2-b_firmwareRange≤1.08

AND

elecomwrc-x3000gs2-bMatch-

Node

elecomwrc-x3000gs2-w_firmwareRange≤1.08

AND

elecomwrc-x3000gs2-wMatch-

Node

elecomwrc-x3000gs2a-b_firmwareRange≤1.08

AND

elecomwrc-x3000gs2a-bMatch-

VendorProductVersionCPE
elecomwrc-x3000gs2-b_firmware*cpe:2.3:o:elecom:wrc-x3000gs2-b_firmware:*:*:*:*:*:*:*:*
elecomwrc-x3000gs2-b-cpe:2.3:h:elecom:wrc-x3000gs2-b:-:*:*:*:*:*:*:*
elecomwrc-x3000gs2-w_firmware*cpe:2.3:o:elecom:wrc-x3000gs2-w_firmware:*:*:*:*:*:*:*:*
elecomwrc-x3000gs2-w-cpe:2.3:h:elecom:wrc-x3000gs2-w:-:*:*:*:*:*:*:*
elecomwrc-x3000gs2a-b_firmware*cpe:2.3:o:elecom:wrc-x3000gs2a-b_firmware:*:*:*:*:*:*:*:*
elecomwrc-x3000gs2a-b-cpe:2.3:h:elecom:wrc-x3000gs2a-b:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
elecom	wrc-x3000gs2-b_firmware	*	cpe:2.3:o:elecom:wrc-x3000gs2-b_firmware::::::::
elecom	wrc-x3000gs2-b	-	cpe:2.3:h:elecom:wrc-x3000gs2-b:-:::::::*
elecom	wrc-x3000gs2-w_firmware	*	cpe:2.3:o:elecom:wrc-x3000gs2-w_firmware::::::::
elecom	wrc-x3000gs2-w	-	cpe:2.3:h:elecom:wrc-x3000gs2-w:-:::::::*
elecom	wrc-x3000gs2a-b_firmware	*	cpe:2.3:o:elecom:wrc-x3000gs2a-b_firmware::::::::
elecom	wrc-x3000gs2a-b	-	cpe:2.3:h:elecom:wrc-x3000gs2a-b:-:::::::*